Better Software Through Secure Coding Practices

Security flaws and vulnerabilities are all too common in software today. In response, we research and develop solutions for identifying and preventing security flaws during development, where it is much more cost effective than in the test phase or post-deployment.

Defect Removal Is a Major Challenge

Many research studies have shown that the cost to remove defects, including security flaws, can be hundreds of times higher after deployment. Moreover, adding security through testing is a never-ending task. Other research has shown that a majority of vulnerabilities are related to programming errors that are fairly well understood.

Research, Coding Standards, and Best Practices

To enable software developers to reduce vulnerabilities by eliminating coding errors, CERT researchers investigate how errors occur and how to prevent them, codify best practices and coding standards for security, and contribute that knowledge to the programming community. We disseminate information on these practices through courses, standards, webinars, blogs, conferences, reports, newsletters, and our Secure Coding wiki.

Community Guidance to Prevent Common Coding Errors

As a result of our work in developing secure coding practices and participation in creating international standards, we have released standards for C, C++, and Java. Standards for Perl and Android are in development and available on our wiki. The team has also begun efforts to create secure coding standards for additional languages: Ada, C#, Fortran, Python, JavaScript, and SPARK.

Our secure coding standards consist of actionable guidelines (rules and recommendations), which provide information about the types of security flaws that can be injected through development with specific programming languages. Each guideline offers a wealth of precise information describing the cause and impact of violations, including examples of common noncompliant (flawed) and compliant (fixed) code. Each guideline also includes a risk assessment for violations to it. You can access and download the standards for secure coding on the Secure Coding wiki.

Our secure coding standards are developed by studying the standards that define the programming languages themselves and how they are interpreted and compiled for runtime platforms. They also reflect our experience with audits of millions of lines of source code and countless contributions from the community. We have also contributed to international committees to improve the security of the programming languages and tools that are used to build systems with those languages.

In addition to developing standards and guidelines, we offer training to help developers, auditors, and testers improve their secure coding skills based on standards and identified best practices. The training is available with a live instructor or as an online course. We also made evaluating software for violations of specific secure coding rules more practical and accessible by developing static analysis checkers for rules in Clang (and Clang-Tidy) and our Rosecheckers tool. We’ve also advanced and developed other useful secure coding tools.

Source Code Analysis Laboratory

Our research, as well as research from others, has shown that different static analysis tools (tools designed to analyze source code to help find security flaws) are optimized to find different types of weaknesses. Therefore, it is almost always best to evaluate source code with multiple static analysis tools. However, doing so creates the complication of evaluating the results from multiple tools in an integrated way. Additionally, static analysis tools often have high false-positive rates (the alerts do not identify an actual problem) and often indicate stylistic issues rather than security issues.

Our experience performing audits with multiple static analysis tools improved our effectiveness and efficiency. From that experience, we developed the Source Code Analysis Laboratory (SCALe), which audits code to identify security flaws as indicated by violations of the CERT secure coding standards.

The SCALe tools aggregate output from commercial, open source, and experimental analysis tools and provide results in a single interface. They also filter out alerts that are not security related and map the security alerts from those tools to specific guidelines of the secure coding standards. This alert processing enables developers to quickly learn more about the security issue the alert is diagnosing, how to fix it, and how best to prioritize it with other alerts.

We can perform a SCALe assessment as a service to third parties, and we can help organizations adopt aspects of SCALe to help them improve their secure coding development and evaluation processes.

August 25, 2014Blog Post

According to a 2013 report examining 25 years of vulnerabilities (from 1998 to 2012), buffer overflow causes 14 percent of software security vulnerabilities and 35 percent of critical vulnerabilities, making it the leading cause of software security vulnerabilities overall. As...